
Example 1 with ImportStep

use of com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep in project OpenAM by OpenRock.

the class XacmlServiceTest method testImportXACMLDryRun.

/**
 * Checks that a REST import request carrying {@code dryrun=true} reaches the importer with the
 * dry-run flag set, and that the reported step is rendered as JSON with a success status.
 */
@Test
public void testImportXACMLDryRun() throws Exception {
    // given: a request marked as a dry run whose body is an arbitrary byte stream
    query.add("dryrun", "true");
    InputStream body = new ByteArrayInputStream("Hello World".getBytes());
    Representation request = mock(Representation.class);
    doReturn(body).when(request).getStream();

    // ... and an importer that reports one ADD step for a privilege named "fred"
    StubPrivilege fred = new StubPrivilege();
    fred.setName("fred");
    XACMLExportImport.ImportStep addStep = mock(XACMLExportImport.ImportStep.class);
    doReturn(fred).when(addStep).getPrivilege();
    doReturn(XACMLExportImport.DiffStatus.ADD).when(addStep).getDiffStatus();
    List<ImportStep> reported = Arrays.asList(addStep);
    // The stub is keyed on eq(true): it only answers when the service forwards the dry-run
    // flag, the root realm "/" and the very stream taken from the request.
    doReturn(reported).when(importExport).importXacml(eq("/"), eq(body), any(Subject.class), eq(true));

    // when
    Representation reply = service.importXACML(request);

    // then: the reply is JSON whose first element describes the stubbed step
    assertThat(reply).isInstanceOf(JacksonRepresentation.class);
    Map<String, Object> firstEntry = JsonValueBuilder.toJsonArray(reply.getText()).get(0).asMap();
    assertThat(firstEntry).contains(entry("status", "A"), entry("name", "fred"));
    verify(response).setStatus(Status.SUCCESS_OK);
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) StubPrivilege(org.forgerock.openam.entitlement.rest.StubPrivilege) JacksonRepresentation(org.restlet.ext.jackson.JacksonRepresentation) Representation(org.restlet.representation.Representation) XACMLExportImport(com.sun.identity.entitlement.xacml3.XACMLExportImport) ImportStep(com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep) Subject(javax.security.auth.Subject) ImportStep(com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep) Test(org.testng.annotations.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 2 with ImportStep

use of com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep in project OpenAM by OpenRock.

the class XACMLExportImportTest method canImportPrivilegesIntoRealm.

/**
 * A real (non dry-run) import must validate every privilege read from the document and then
 * write each one through the privilege manager: modify for the update step, add for the add step.
 */
@Test
public void canImportPrivilegesIntoRealm() throws Exception {
    // Given: the reader returns two privileges, built with the existing()/notExisting() helpers
    Privilege existingPrivilege = existing(valid(privilege("p1")));
    Privilege newPrivilege = notExisting(valid(privilege("p2")));
    PrivilegeSet parsed = new PrivilegeSet(Collections.<ReferralPrivilege>emptyList(), asList(existingPrivilege, newPrivilege));
    given(xacmlReaderWriter.read(eq(NULL_INPUT))).willReturn(parsed);

    // When: the import runs with dryRun == false
    List<ImportStep> steps = xacmlExportImport.importXacml(ROOT_REALM, NULL_INPUT, NULL_SUBJECT, false);

    // Then: one step per privilege, in document order
    assertThat(steps).hasSize(2);
    assertImportStep(steps.get(0), DiffStatus.UPDATE, existingPrivilege);
    assertImportStep(steps.get(1), DiffStatus.ADD, newPrivilege);

    // Both privileges went through validation ...
    verify(validator).validatePrivilege(existingPrivilege);
    verify(validator).validatePrivilege(newPrivilege);
    // ... and both were persisted through the privilege manager.
    verify(pm).modify(existingPrivilege);
    verify(pm).add(newPrivilege);
}
Also used : FactoryMethods.createArbitraryPrivilege(com.sun.identity.entitlement.xacml3.FactoryMethods.createArbitraryPrivilege) IPrivilege(com.sun.identity.entitlement.IPrivilege) Privilege(com.sun.identity.entitlement.Privilege) ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege) FactoryMethods.createArbitraryReferralPrivilege(com.sun.identity.entitlement.xacml3.FactoryMethods.createArbitraryReferralPrivilege) ImportStep(com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep) Test(org.testng.annotations.Test)

Example 3 with ImportStep

use of com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep in project OpenAM by OpenRock.

the class XACMLExportImportTest method canPerformAnImportDryRun.

/**
 * A dry run must report the same steps as a real import and still validate every privilege,
 * but must never write to the privilege manager.
 */
@Test
public void canPerformAnImportDryRun() throws Exception {
    // Given: the reader returns two privileges, built with the existing()/notExisting() helpers
    Privilege existingPrivilege = existing(valid(privilege("p1")));
    Privilege newPrivilege = notExisting(valid(privilege("p2")));
    PrivilegeSet parsed = new PrivilegeSet(Collections.<ReferralPrivilege>emptyList(), asList(existingPrivilege, newPrivilege));
    given(xacmlReaderWriter.read(eq(NULL_INPUT))).willReturn(parsed);

    // When: the import runs with dryRun == true
    List<ImportStep> steps = xacmlExportImport.importXacml(ROOT_REALM, NULL_INPUT, NULL_SUBJECT, true);

    // Then: the report still lists an UPDATE and an ADD step
    assertThat(steps).hasSize(2);
    assertImportStep(steps.get(0), DiffStatus.UPDATE, existingPrivilege);
    assertImportStep(steps.get(1), DiffStatus.ADD, newPrivilege);

    // Validation is not skipped in a dry run ...
    verify(validator).validatePrivilege(existingPrivilege);
    verify(validator).validatePrivilege(newPrivilege);
    // ... but no privilege of any kind may be added or modified.
    verify(pm, times(0)).modify(any(Privilege.class));
    verify(pm, times(0)).add(any(Privilege.class));
}
Also used : FactoryMethods.createArbitraryPrivilege(com.sun.identity.entitlement.xacml3.FactoryMethods.createArbitraryPrivilege) IPrivilege(com.sun.identity.entitlement.IPrivilege) Privilege(com.sun.identity.entitlement.Privilege) ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege) FactoryMethods.createArbitraryReferralPrivilege(com.sun.identity.entitlement.xacml3.FactoryMethods.createArbitraryReferralPrivilege) ImportStep(com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep) Test(org.testng.annotations.Test)

Example 4 with ImportStep

use of com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep in project OpenAM by OpenRock.

the class XacmlService method importXACML.

/**
 * Reads the XACML formatted XML in the request body and imports it into the realm taken from
 * the request.
 *
 * <p>The caller must pass {@code checkPermission("MODIFY")}. The import itself runs with the
 * token from {@code getAdminToken()}, so that check is the only authorization gate visible in
 * this method; it applies to dry runs as well.
 *
 * @param entity the request body, expected to hold an XACML document.
 * @return a JSON representation listing, per import step, the diff status code and the
 *         privilege name.
 * @throws ResourceException with a FORBIDDEN status when the permission check fails, or a
 *         BAD_REQUEST status when the document yields no steps, cannot be read, or is rejected
 *         by the import.
 */
@Post
public Representation importXACML(Representation entity) {
    // Only the value "true" (any case) selects a dry run. Any other value, or a missing
    // parameter, results in a real import.
    boolean dryRun = "true".equalsIgnoreCase(getQuery().getFirstValue("dryrun"));
    try {
        // Authorize before the request body is touched.
        boolean mayModify = checkPermission("MODIFY");
        if (!mayModify) {
            throw new ResourceException(new Status(FORBIDDEN));
        }

        String realm = RestletRealmRouter.getRealmFromRequest(getRequest());
        // NOTE(review): the raw stream is handed to the importer; how the XML parser behind
        // importXacml treats DTDs and external entities is not visible here - confirm.
        List<ImportStep> steps = importExport.importXacml(realm, entity.getStream(), getAdminToken(), dryRun);
        if (steps.isEmpty()) {
            throw new ResourceException(new Status(BAD_REQUEST, "No policies found in XACML document", null, null));
        }

        // One {status, name} entry per step, in the order the importer reported them.
        List<Map<String, String>> summary = new ArrayList<Map<String, String>>();
        for (ImportStep step : steps) {
            Map<String, String> row = new HashMap<String, String>();
            row.put("status", String.valueOf(step.getDiffStatus().getCode()));
            row.put("name", step.getPrivilege().getName());
            summary.add(row);
        }
        getResponse().setStatus(Status.SUCCESS_OK);
        return jacksonRepresentationFactory.create(summary);
    } catch (EntitlementException importFailure) {
        // NOTE(review): the exception message is placed in the Status sent back to the
        // client - confirm it never carries internal detail.
        debug.warning("Importing XACML to policies failed", importFailure);
        throw new ResourceException(new Status(BAD_REQUEST, importFailure, importFailure.getLocalizedMessage(getRequestLocale()), null, null));
    } catch (IOException readFailure) {
        debug.warning("Reading XACML import failed", readFailure);
        throw new ResourceException(new Status(BAD_REQUEST, readFailure, readFailure.getLocalizedMessage(), null, null));
    }
}
Also used : Status(org.restlet.data.Status) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) XACMLExportImport(com.sun.identity.entitlement.xacml3.XACMLExportImport) IOException(java.io.IOException) ImportStep(com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep) EntitlementException(com.sun.identity.entitlement.EntitlementException) ResourceException(org.restlet.resource.ResourceException) ResourceException(org.forgerock.json.resource.ResourceException) Map(java.util.Map) HashMap(java.util.HashMap) ImportStep(com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep) Post(org.restlet.resource.Post)

Example 5 with ImportStep

use of com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep in project OpenAM by OpenRock.

the class CreateXACML method handleRequest.

/**
 * Services the command line request to import XACML.
 *
 * <p>Required arguments:
 * <ul>
 *   <li>realm - the realm the policies will be imported into.</li>
 *   <li>xmlfile - the XACML file from which the policies should be read.</li>
 * </ul>
 *
 * <p>Optional arguments:
 * <ul>
 *   <li>dryrun - rather than carrying out the import, generate a report of the anticipated
 *       effects.</li>
 *   <li>outfile - file the dry-run report is written to; if not provided the report is
 *       written directly to stdout.</li>
 * </ul>
 *
 * <p>The administrator must hold MODIFY permission on the realm; otherwise the request is
 * logged and rejected before any import is attempted.
 *
 * @param rc Request Context.
 * @throws CLIException if the request cannot be serviced.
 */
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    ldapLogin();

    SSOToken token = getAdminSSOToken();
    Subject subject = SubjectUtils.createSubject(token);
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    ensureEntitlementServiceActive(subject, realm);

    // NOTE(review): the input is obtained before the MODIFY check below and is not closed
    // anywhere in this method - confirm who owns the stream.
    InputStream xacml = getXacmlInputStream(realm);
    logStart(realm);

    // Authorization gate: nothing is imported unless the admin may MODIFY this realm.
    boolean permitted = XACMLUtils.hasPermission(realm, token, "MODIFY");
    if (!permitted) {
        String denied = MessageFormat.format(getResourceString("permission-denied"), "create-xacml", getAdminID());
        CLIException failure = new CLIException(denied, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        logException(realm, failure);
        throw failure;
    }

    List<ImportStep> steps;
    try {
        RealmValidator realmValidator = new RealmValidator(new OrganizationConfigManager(token, realm));
        PrivilegeValidator validator = new PrivilegeValidator(realmValidator);
        XACMLExportImport importer = new XACMLExportImport(new XACMLExportImport.PrivilegeManagerFactory(), new XACMLReaderWriter(), validator, new SearchFilterFactory(), PrivilegeManager.debug);
        steps = importer.importXacml(realm, xacml, subject, isDryRun());
    } catch (EntitlementException e) {
        // Both failure kinds are written to the debug log and the realm log, then surfaced
        // to the caller with the same exit code.
        debugError("CreateXACML.handleRequest", e);
        logException(realm, e);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (SMSException e) {
        debugError("CreateXACML.handleRequest", e);
        logException(realm, e);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }

    if (!steps.isEmpty()) {
        logSuccess(realm);
        if (isDryRun()) {
            outputDryRunResults(steps);
        } else {
            getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("create-policy-in-realm-succeed"), realm));
        }
    } else {
        // An empty document is reported to the user but does not raise a CLIException.
        String nothingToImport = getResourceString("no-policies-provided");
        logNothingToImport(realm, nothingToImport);
        getOutputWriter().printlnMessage(nothingToImport);
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) SearchFilterFactory(com.sun.identity.entitlement.xacml3.SearchFilterFactory) SMSException(com.sun.identity.sm.SMSException) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) XACMLExportImport(com.sun.identity.entitlement.xacml3.XACMLExportImport) Subject(javax.security.auth.Subject) ImportStep(com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep) PrivilegeValidator(com.sun.identity.entitlement.xacml3.validation.PrivilegeValidator) EntitlementException(com.sun.identity.entitlement.EntitlementException) OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager) CLIException(com.sun.identity.cli.CLIException) RealmValidator(com.sun.identity.entitlement.xacml3.validation.RealmValidator) XACMLReaderWriter(com.sun.identity.entitlement.xacml3.XACMLReaderWriter)

Aggregations

ImportStep (com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep)6 XACMLExportImport (com.sun.identity.entitlement.xacml3.XACMLExportImport)4 Test (org.testng.annotations.Test)4 ByteArrayInputStream (java.io.ByteArrayInputStream)3 InputStream (java.io.InputStream)3 Subject (javax.security.auth.Subject)3 EntitlementException (com.sun.identity.entitlement.EntitlementException)2 IPrivilege (com.sun.identity.entitlement.IPrivilege)2 Privilege (com.sun.identity.entitlement.Privilege)2 ReferralPrivilege (com.sun.identity.entitlement.ReferralPrivilege)2 FactoryMethods.createArbitraryPrivilege (com.sun.identity.entitlement.xacml3.FactoryMethods.createArbitraryPrivilege)2 FactoryMethods.createArbitraryReferralPrivilege (com.sun.identity.entitlement.xacml3.FactoryMethods.createArbitraryReferralPrivilege)2 StubPrivilege (org.forgerock.openam.entitlement.rest.StubPrivilege)2 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)2 JacksonRepresentation (org.restlet.ext.jackson.JacksonRepresentation)2 Representation (org.restlet.representation.Representation)2 SSOToken (com.iplanet.sso.SSOToken)1 CLIException (com.sun.identity.cli.CLIException)1 SearchFilterFactory (com.sun.identity.entitlement.xacml3.SearchFilterFactory)1 XACMLReaderWriter (com.sun.identity.entitlement.xacml3.XACMLReaderWriter)1